CMIT350 Project 2 PDF

Preview

Summary

The full cover of project 2...

Description

Cisco Network Proposal (Part 2) Course: CMIT350 Prof: James Graves Written by: Mohammad Tanzim Date: 02/11/2018

Summary: 1) Worchester Subnetting Configurations and Boston Site Protocol, Route Summarization, and Topology Improvements 2) Bibliography a. I.Worchester Site b. Site Details and Challenges I can take one 2800 series integrated services router which will be verified and running within FastEthernet conncetion of 0/1-4, Serial Interfaces S0/0/0 and S0/0/1. I will also add 3 switches model of Catalyst 6500 series including 96 Gigabit ports within four modules. Four VLANs will be added later for specific devices which should be verified. Let total of 4 VLAN for the faculty of UMUC which are different each to other. One will go for Faculty, and next three is for Administrative, Instructional and server sites. If the Worchester site has 288 total devices and it may need more in future, the network can be provided with 10.20.0.0/16 IPs including of 65,534 hosts. While choosing the subnet I picked /24 that can go for the largest VLAN. For the smaller VLAN, I will keep some space for future if needed. Network ID

Range

10.20.1.0

10.20.1.110.20.1.254

10.20.3.0

10.20.3.110.20.3.254

Subnet Mask

CIDR Value /24

Broadcast

VLAN

10.20.1.255

Faculty

/24

10.20.3.255

Administrativ e

255.255.255. 0 255.255.255.

0 10.20.5.0

10.20.7.0 10.20.10.0

10.20.5.110.20.5.254 10.20.7.110.20.7.254 10.20.10.110.20/10/25 4

/24

10.20.5.255

Instructional

/24

10.20.7.255

Server

/24

10.20.10.25 5

Future

255.255.255. 0 255.255.255. 0 255.255.255. 0

In the conclusion, this site can use all ports without having and IP scheme that can allow for additional growth. Efficient IP scheme can be implemented to cope with future needs. Purchasing extra switch or hubs also provide adequate range for its users and employees. Boston site protocol, Default Routing, Summarization and Topology 1) Routing Protocol: There are mainly three types of protocols: Open shortest path first protocols (OSPF), Enhanced interior gateway routing protocol (EIGRP), and Routing information protocol (RIP). a) OSPF defines as classless which like to work through multi-vendor network [1]. It is classless and link-stated and able to carry large networks. This type of protocol is generally used for industrial purpose. It used Dijkstra’s algorithm. b) EIGRP can provide little shorter in internally, but it has bigger range externally. This is mainly the protocol for Cisco’s proprietary issues. c) The last tone which was name RIP can provide administrative distance of 120. It is based on the number of hops.

Even though all protocols are useful I will recommend using OSPF for its different vendors and exclusion of Cisco devices. The usage of metrics to identify the best route can be done easily with this protocol. IP addresses can be used moderately trough this OSPF. It can take more memory than others, but this protocol is efficient for space of IPD address. I may avoid RIP because it works on the base of traffic routes which counts hop without considering the cost. Therefore, the total administrative cost can be over multiple hops will equal less than a single hop. Moreover, EIGRP is no longer a cisco proprietary routing protocol anymore as it is moving to lS-lS state link local protocol slowly.

2) Summarization: The router 1 of Boston is connected to four networks at its fa1/0 interface. The networks are: fa1/0.10

10.10.1.1/24

fa1/0.20

10.10.3.1/24

fa1/0.30

10.10.5.1/24

fa/0.40

10.10.7.1/24

From identifying the common in binary numbers, 21 bits are mutual as well summarized address can be written as 10.10.1.0/24. Therefore, the router can use the address of 10.10.1.0/24 at FastEthernet1/0 interface. By doing the same decimal notation for rest of all router, that will possible to get 19 bits in common and written as 10.10.1.0/19 3) Default Route: The default route works as static route. It does not take real network address in the IP route command. However, it uses all 0 and the hope interface address. If a user is not sure the destination of sending data, he might send on default path. Unless a default route has been with proper destination, the router may throw out the packet. Boston Router 1 to Router 2 Router1(config)#ip route 0.0.0.0 10.10.255.254 ROUTER1(config)#ip route 0.0.0.0 fa0/0

Boston Router 1 to Router 3 Router1(config)#ip route 0.0.0.0 10.10.255.252 Router1(config)#ip route 0.0.0.0 fa0/2

Boston Router 1 to Internet Router1(config)#ip route 0.0.0.0 163.126.61.1 Router1(config)#ip route 0.0.0.0 s0/1

Default route from Router 2 to Router1 Router2(config)#ip route 0.0.0.0 0.0.0.0 10.1.255.251

Default route from Router 3 to Router1 Router3(config)#ip route 0.0.0.0 0.0.0.0 10.10.255.45

Configure default route on Router 1 Router1(config)#ip route 0.0.0.0 0.0.0.0 165.128.61.1 4) Topology: For the best results and load balancing another connection can be used from Boston, MA router 2 to Router 3. If any unused address left, that can be also usable from network address. In the topology I have discovered some weakness and internal security factors in Boston Site network. Therefore, I am going to give some suggestion that will help to overcome the security and critical issues. Boston site should encrypt all the passwords and confidential data. Configuring text and login banner for all the switches is necessary. Trunk mode should be on and the Rapid per VLAN Spanning Tree Protocol which is called Rapid PVSTP+ is to be configured for giving better performance on network. Port security is important where PortFast and BPDU command can be used to keep secure all the ports from unauthentically access. “DHCP is vulnerable to a number of attacks, including the rogue DHCP server, DHCP starvation, and malicious DHCP client attacks”. (Introduction, Securing ARP and DHCP). Consequently, this hosts connection should be secured from all the exchanging servers. In addition, virtualization hosts are serious concern where Boston MA can face cyberattack. Therefore, all the physical access in entry points should be covered through proper shield. Host clusters are used to increase the security of VM. Firewall is another name of defense which can limit the range of network to protect from all threats. To keep the private network secure and hide, Boston security can use VPN. Also, all the unnecessary features of network, unused and local ports, migrating host should be checked often.

c.

Routing protocol

BostonSiteRouter2>ena BostonSiteRouter2#conf t BostonSiteRouter2(config)#int fa 0/1 BostonSiteRouter2(config-if)#ip add 10.10.255.253 255.255.255.252 BostonSiteRouter2(config-if)#router osfp 5 BostonSiteRouter2(config-router)#network 10.10.255.0 0.0.0.3 area 0 BostonSiteRouter2(config-router)#network 10.10.0.0 0.0.7.0 area 0

Configure Routing Protocol at Router 3 BostonSiteRouter3>ena BostonSiteRouter3#conf t BostonSiteRouter3(config)#int fa 0/1 BostonSiteRouter3(config-if)#ip add 10.10.255.249 255.255.255.252 BostonSiteRouter3(config-if)#router osfp 5 BostonSiteRouter3(config-router)#network 10.10.255.0 0.0.0.3 area 0 BostonSiteRouter3(config-router)#network 10.10.0.0 0.0.7.0 area 0

Citation:

1) "14.1.4 OSPF Facts,” TestOut, 2017. [Online]. Available: https://cdn.testout.com/client-v5-1-10-487/startlabsim.html. [Accessed 02 11 2018]. 2) X. Yu, W. Lei, L. Song, W. Zhang, “A Routing Algorithm Based on SDN for OnBoard Switching Networks.”, Journal of Information Science & Engineering, Vol. 33, no. 12, p1255-1266, Sept. 2017

3) O. Younes and Sadhana, “Securing ARP and DHCP for mitigating link layer

attacks,” Vol. 42, no. 12, pp 2041-2053, Dec. 2017....